What is PCI - PowerPoint PPT Presentation

Slides: 9
Provided by: stan7

Transcript and Presenter's Notes

1
What is PCI?
  • Payment Card Industry Compliance Certification
  • Administered by Merchant Bank Wells Fargo
  • Based on 12-point Data Security Standard
  • Applies to software, infrastructure, networks,
    physical access, business process, and
    documentation
  • Possibility of severe fines and penalties if
    not certified
  • Departments must annually provide proof of
    compliance (Self Assessment Questionnaire)
  • Relevant systems must submit to quarterly
    network scans performed by independent vendor

2
Who Must Comply?
  • Any organization that processes 20,000
    ecommerce transactions per year
  • Departments will be audited individually based on
    Merchant ID
  • Any department handling credit card information
    must submit questionnaire
  • Regulations will change in 2006 to include all
    transaction types: point-of-sale, mail order,
    etc.

3
Why is This Necessary?
  • Required by Payment Card Industry in order to
    accept credit cards as payment for goods and
    services
  • Increased occurrences of identity theft
  • Increased visibility to breaches due to recent
    legislation
  • Universities are particularly vulnerable

4
How Does This Change Credit Card Processing at Stanford?
  • It will affect all business units that process
    credit card transactions of any kind: POS,
    ecommerce, mail order, phone/fax orders, refunds
  • It will affect IT departments supporting systems
    that store, transmit, or process cardholder
    information
  • All 3rd-party payment applications will be
    required to provide proof of compliance (hosted
    solutions, payment systems, etc.)
  • Additional, centralized oversight processes will
    be created and enforced
  • The cost of accepting credit cards will go up

5
What's Been Done So Far?
  • Project approved and sponsored by Randy
    Livingston
  • Core project team defined
  • Functional control for eCommerce moved to
    Controller's Office
  • Contract signed with AmbironTrustWave for
    compliance consulting and network scans
  • Initial client communication has gone out to
    departments that hold credit card merchant
    accounts
  • Key Ecommerce clients have started assessment
    process
  • Advisory team created

6
What's Next?
  • Assessments and scans will be ongoing through
    Q1 '06
  • Ecommerce Gateway will be updated to meet
    compliance rules
  • Stanford's Ecommerce strategy will be redefined
    based on compliance requirements
  • Existing ecommerce sites must complete
    remediation requirements or discontinue service
  • Controller's Office will conduct pilot program
    for hosted solution to support online
    registration needs for conferences and other
    events (launched 11/05)
  • Stanford will host first PCI Symposium with
    members from peer institutions

7
What Can Departments Do?
  • Designate a single point of contact from your
    organization
  • Help to identify all credit card activity within
    your department
  • Support process change where applicable for
    compliance purposes
  • Communicate PCI information department-wide
  • Suspend new ecommerce system implementation until
    audit is complete

8
Where Can I Find More Info?
  • http://www.visa.com/cisp
  • Documents of interest:
      • PCI Data Security Standards
      • PCI Self-Assessment Questionnaire
      • PCI Security Scanning Procedures